Jump to content

Blisqy SQL Inject


Cyb3rShot
 Share

Recommended Posts

Blisqy is a tool to aid Web Security researchers to find Time-based Blind SQL injection on HTTP Headers and also exploitation of the same vulnerability.

The exploitation enables slow data siphon from a database (currently supports MySQL/MariaDB only) using bitwise operation on printable ASCII characters, via a blind-SQL injection.

For interoperability with other Python tools and to enable other users utilise the features provided in Blisqy, the modules herein can be imported into other Python based scripts.

When testing for Time-based Blind SQL injections, any network lag or congestion can affect the effectiveness of your fuzzing or exploitation. To compensate for the possible network lags and uncertainties that might cause delays, Blisqy time comparison is dynamic and it's calculated at runtime for each test. The tests utilizes greenlet(alight-weight cooperatively-scheduled execution unit) to provide a high-level synchronous API on top of libevevent loop. It provides a fast and efficient way of carrying out the payload tests in a short time, also, one particular test should not affect another because they are not fully done in a sequential method.

Spoiler

To see the link, you must have 50+ comments (Rank User+) if you do not have you will need a subscription +Client, Gold or VIP! The link is currently hidden from you. Request a subscription from this link : --> https://forum.softinfo.org/subscriptions/

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...